Excessive Iteration
CVE-2016-7421
Summary
The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- HIGH
- NONE
- HIGH
CWE-834 - Excessive Iteration
The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
References
Advisory Timeline
- Published